Microsoft Windows Knowledge Base Article 961501 update is not installed (WinMs09kb961501Update)

Vuln ID: 50766
Risk Level: High risk vulnerability
Platforms: Microsoft Windows 2000: SP4, Microsoft Windows XP: SP2, Microsoft Windows Vista, Microsoft Windows Server 2003: SP2, Microsoft Windows Server 2003: SP2 Itanium, Microsoft Windows Server 2003: SP2 x64, Microsoft Windows Vista: x64, Microsoft Windows XP: SP2 x64 Professional, Microsoft Windows Vista: SP1, Microsoft Windows Vista: SP1 x64, Microsoft Windows Server 2008: Itanium, Microsoft Windows Server 2008: x32, Microsoft Windows Server 2008: x64, Microsoft Windows XP: SP3, Microsoft Windows Vista: SP2 x64, Microsoft Windows Vista: SP2, Microsoft Windows Server 2008: SP2 x32, Microsoft Windows Server 2008: SP2 x64, Microsoft Windows Server 2008: SP2 Itanium
Description:

The update described in Microsoft Knowledge Base Article 961501 is not installed, which could allow a remote attacker to exploit the following vulnerabilities:

Microsoft Windows is vulnerable to a stack-based buffer overflow, caused by improper bounds checking by the EnumeratePrintShares function when validating the length of the printer server's response. By connecting to the print spooler service, a remote attacker could send a specially-crafted RPC request to overflow a buffer and execute arbitrary code on the system with SYSTEM privileges or cause the application to crash.

Microsoft Windows could allow a local attacker to obtain sensitive information, caused by improper checking by the Print Spooler service of the files that can be included with separator pages. A local attacker with Manage Printer privileges could exploit this vulnerability to read or print any arbitrary file on the system.

Microsoft Windows could allow a remote attacker to gain elevated privileges on the system, caused by improper validation by the Print Spooler service of the paths from which a dynamic link library (DLL) is loaded. By sending a specially-crafted RPC message, a remote attacker with Manage Printer privileges could exploit this vulnerability to load a malicious DLL and execute arbitrary code on the system with elevated privileges.

Remedy:

Apply the appropriate patch for your system, as listed in Microsoft Security Bulletin MS09-022. See References.

False Positives:
False Negatives:
Required Permission: Windows login
Additional Information:

References:

Microsoft Security Bulletin MS09-022
Vulnerabilities in the Windows Print Spooler Could Allow Remote Code Execution (961501)
http://www.microsoft.com/technet/security/bulletin/ms09-022.mspx

IBM Internet Security Systems X-Force Database
Microsoft Windows Print Spooler service buffer overflow
http://xforce.iss.net/xforce/xfdb/50763

IBM Internet Security Systems X-Force Database
Microsoft Print Spooler service information disclosure
http://xforce.iss.net/xforce/xfdb/50764

IBM Internet Security Systems X-Force Database
Microsoft Windows Print Spooler service privilege escalation
http://xforce.iss.net/xforce/xfdb/50765

ISS X-Force
Microsoft Windows Knowledge Base Article 961501 update is not installed
http://www.iss.net/security_center/static/50766.php

CVE CVE-2009-0228
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0228

CVE CVE-2009-0230
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0230

CVE CVE-2009-0229
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0229

